Talos has added and modified multiple rules in the file-image, file-office, malware-backdoor, malware-cnc, malware-other, protocol-voip and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
* 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
* 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
* 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
* 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
* 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51489 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51488 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51487 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51486 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51485 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS CNAME record response denial of service attempt (server-other.rules)
* 1:51484 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.Agent outbound connection attempt (malware-other.rules)
* 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
* 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
* 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
* 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
* 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
* 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
* 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
* 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
* 1:51500 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
* 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
* 1:51521 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool malicious executable download attempt (malware-other.rules)
* 1:51518 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 1:51517 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 1:51516 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 1:51520 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51519 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 1:51522 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51525 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool malicious executable download attempt (malware-other.rules)
* 1:51524 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51523 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51527 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51528 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51535 <-> ENABLED <-> MALWARE-BACKDOOR TLS certificate securing LocalXpose reverse proxy backdoor (malware-backdoor.rules)
* 1:51534 <-> ENABLED <-> MALWARE-BACKDOOR DNS request for open LocalXpose reverse proxy backdoor domain ANY.loclx.io (malware-backdoor.rules)
* 1:51533 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRAT variant inbound connection (malware-cnc.rules)
* 1:51532 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRAT variant outbound connection (malware-cnc.rules)
* 1:51529 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 3:51531 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
* 3:51530 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
* 3:51124 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0886 attack attempt (file-office.rules)
* 3:51123 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0886 attack attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51523 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51522 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51484 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.Agent outbound connection attempt (malware-other.rules)
* 1:51485 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS CNAME record response denial of service attempt (server-other.rules)
* 1:51486 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51487 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51488 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51489 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
* 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
* 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
* 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
* 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
* 1:51500 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
* 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
* 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
* 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
* 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
* 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
* 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
* 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
* 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
* 1:51516 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
* 1:51535 <-> ENABLED <-> MALWARE-BACKDOOR TLS certificate securing LocalXpose reverse proxy backdoor (malware-backdoor.rules)
* 1:51534 <-> ENABLED <-> MALWARE-BACKDOOR DNS request for open LocalXpose reverse proxy backdoor domain ANY.loclx.io (malware-backdoor.rules)
* 1:51533 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRAT variant inbound connection (malware-cnc.rules)
* 1:51532 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRAT variant outbound connection (malware-cnc.rules)
* 1:51529 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51528 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51527 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51525 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool malicious executable download attempt (malware-other.rules)
* 1:51524 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51518 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 1:51519 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 1:51520 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51521 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool malicious executable download attempt (malware-other.rules)
* 1:51517 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 3:51530 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
* 3:51531 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
* 3:51124 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0886 attack attempt (file-office.rules)
* 3:51123 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0886 attack attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51523 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51522 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51527 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51524 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51525 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool malicious executable download attempt (malware-other.rules)
* 1:51535 <-> ENABLED <-> MALWARE-BACKDOOR TLS certificate securing LocalXpose reverse proxy backdoor (malware-backdoor.rules)
* 1:51534 <-> ENABLED <-> MALWARE-BACKDOOR DNS request for open LocalXpose reverse proxy backdoor domain ANY.loclx.io (malware-backdoor.rules)
* 1:51533 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRAT variant inbound connection (malware-cnc.rules)
* 1:51532 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRAT variant outbound connection (malware-cnc.rules)
* 1:51529 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51528 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51484 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.Agent outbound connection attempt (malware-other.rules)
* 1:51485 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS CNAME record response denial of service attempt (server-other.rules)
* 1:51486 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51487 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51488 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51489 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
* 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
* 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
* 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
* 1:51500 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
* 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
* 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
* 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
* 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
* 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
* 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
* 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
* 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
* 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
* 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
* 1:51516 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 1:51517 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 1:51518 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 1:51519 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 1:51520 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51521 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool malicious executable download attempt (malware-other.rules)
* 3:51530 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
* 3:51531 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
* 3:51124 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0886 attack attempt (file-office.rules)
* 3:51123 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0886 attack attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51522 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51534 <-> ENABLED <-> MALWARE-BACKDOOR DNS request for open LocalXpose reverse proxy backdoor domain ANY.loclx.io (malware-backdoor.rules)
* 1:51523 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51524 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51525 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool malicious executable download attempt (malware-other.rules)
* 1:51527 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51533 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRAT variant inbound connection (malware-cnc.rules)
* 1:51528 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51535 <-> ENABLED <-> MALWARE-BACKDOOR TLS certificate securing LocalXpose reverse proxy backdoor (malware-backdoor.rules)
* 1:51484 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.Agent outbound connection attempt (malware-other.rules)
* 1:51485 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS CNAME record response denial of service attempt (server-other.rules)
* 1:51486 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51487 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51488 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51489 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
* 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
* 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
* 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
* 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51500 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
* 1:51529 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
* 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
* 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
* 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
* 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
* 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
* 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
* 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
* 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
* 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51532 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRAT variant outbound connection (malware-cnc.rules)
* 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
* 1:51516 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 1:51517 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 1:51518 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 1:51519 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 1:51520 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51521 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool malicious executable download attempt (malware-other.rules)
* 1:51526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 3:51530 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
* 3:51531 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
* 3:51124 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0886 attack attempt (file-office.rules)
* 3:51123 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0886 attack attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51524 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (snort3-malware-other.rules)
* 1:51525 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool malicious executable download attempt (snort3-malware-other.rules)
* 1:51533 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRAT variant inbound connection (snort3-malware-cnc.rules)
* 1:51534 <-> ENABLED <-> MALWARE-BACKDOOR DNS request for open LocalXpose reverse proxy backdoor domain ANY.loclx.io (snort3-malware-backdoor.rules)
* 1:51527 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (snort3-malware-other.rules)
* 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (snort3-protocol-voip.rules)
* 1:51516 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (snort3-malware-other.rules)
* 1:51535 <-> ENABLED <-> MALWARE-BACKDOOR TLS certificate securing LocalXpose reverse proxy backdoor (snort3-malware-backdoor.rules)
* 1:51532 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRAT variant outbound connection (snort3-malware-cnc.rules)
* 1:51484 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.Agent outbound connection attempt (snort3-malware-other.rules)
* 1:51485 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS CNAME record response denial of service attempt (snort3-server-other.rules)
* 1:51486 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (snort3-server-webapp.rules)
* 1:51487 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (snort3-server-webapp.rules)
* 1:51488 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (snort3-server-webapp.rules)
* 1:51489 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (snort3-server-webapp.rules)
* 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (snort3-protocol-voip.rules)
* 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (snort3-protocol-voip.rules)
* 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (snort3-protocol-voip.rules)
* 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (snort3-protocol-voip.rules)
* 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (snort3-protocol-voip.rules)
* 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (snort3-protocol-voip.rules)
* 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (snort3-protocol-voip.rules)
* 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (snort3-protocol-voip.rules)
* 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (snort3-protocol-voip.rules)
* 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (snort3-protocol-voip.rules)
* 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (snort3-protocol-voip.rules)
* 1:51500 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (snort3-protocol-voip.rules)
* 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (snort3-protocol-voip.rules)
* 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (snort3-protocol-voip.rules)
* 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (snort3-protocol-voip.rules)
* 1:51526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (snort3-malware-other.rules)
* 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (snort3-protocol-voip.rules)
* 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (snort3-protocol-voip.rules)
* 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (snort3-protocol-voip.rules)
* 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (snort3-protocol-voip.rules)
* 1:51529 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (snort3-malware-other.rules)
* 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (snort3-protocol-voip.rules)
* 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (snort3-protocol-voip.rules)
* 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (snort3-protocol-voip.rules)
* 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (snort3-protocol-voip.rules)
* 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (snort3-protocol-voip.rules)
* 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (snort3-protocol-voip.rules)
* 1:51517 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (snort3-malware-other.rules)
* 1:51518 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (snort3-malware-other.rules)
* 1:51519 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (snort3-malware-other.rules)
* 1:51520 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (snort3-malware-other.rules)
* 1:51521 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool malicious executable download attempt (snort3-malware-other.rules)
* 1:51522 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (snort3-malware-other.rules)
* 1:51523 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (snort3-malware-other.rules)
* 1:51528 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (snort3-malware-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51520 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51521 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool malicious executable download attempt (malware-other.rules)
* 1:51527 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51524 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51532 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRAT variant outbound connection (malware-cnc.rules)
* 1:51534 <-> ENABLED <-> MALWARE-BACKDOOR DNS request for open LocalXpose reverse proxy backdoor domain ANY.loclx.io (malware-backdoor.rules)
* 1:51526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51535 <-> ENABLED <-> MALWARE-BACKDOOR TLS certificate securing LocalXpose reverse proxy backdoor (malware-backdoor.rules)
* 1:51533 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRAT variant inbound connection (malware-cnc.rules)
* 1:51528 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51525 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool malicious executable download attempt (malware-other.rules)
* 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
* 1:51522 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51523 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51484 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.Agent outbound connection attempt (malware-other.rules)
* 1:51485 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS CNAME record response denial of service attempt (server-other.rules)
* 1:51486 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51487 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51488 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51489 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
* 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
* 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
* 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
* 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
* 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
* 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51500 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
* 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51529 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
* 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
* 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
* 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
* 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
* 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
* 1:51516 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 1:51517 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 1:51518 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
* 1:51519 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 3:51530 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
* 3:51531 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
* 3:51123 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0886 attack attempt (file-office.rules)
* 3:51124 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0886 attack attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51524 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51525 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool malicious executable download attempt (malware-other.rules)
* 1:51526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51528 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51534 <-> ENABLED <-> MALWARE-BACKDOOR DNS request for open LocalXpose reverse proxy backdoor domain ANY.loclx.io (malware-backdoor.rules)
* 1:51488 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51489 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules)
* 1:51523 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules)
* 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules)
* 1:51500 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing Contact header field attempt (protocol-voip.rules)
* 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules)
* 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules)
* 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple content-length headers attempt (protocol-voip.rules)
* 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
* 1:51532 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRAT variant outbound connection (malware-cnc.rules)
* 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51533 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRAT variant inbound connection (malware-cnc.rules)
* 1:51522 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51518 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51486 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51520 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51521 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool malicious executable download attempt (malware-other.rules)
* 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules)
* 1:51519 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 1:51516 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 1:51517 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules)
* 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules)
* 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules)
* 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules)
* 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules)
* 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules)
* 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules)
* 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules)
* 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules)
* 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
* 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules)
* 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules)
* 1:51535 <-> ENABLED <-> MALWARE-BACKDOOR TLS certificate securing LocalXpose reverse proxy backdoor (malware-backdoor.rules)
* 1:51529 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 1:51487 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51484 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.Agent outbound connection attempt (malware-other.rules)
* 1:51527 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules)
* 3:51531 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
* 3:51530 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules)
* 3:51123 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0886 attack attempt (file-office.rules)
* 3:51124 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0886 attack attempt (file-office.rules)